CVE-2025-5745

CWE-665CWE-4048 documents7 sources
Severity
5.6MEDIUM
EPSS
0.3%
top 51.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GNU GlibcTHE GNU C Library Glibc
Timeline
PublishedJun 5
Latest updateJul 14

Description

The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 2.2 | Impact: 3.4

Affected Packages3 packages

CVEListV5the_gnu_c_library/glibc2.40
NVDgnu/glibc2.402.40-136+1
Debianglibc< 2.41-9+1

🔴Vulnerability Details

4
OSV
glibc vulnerabilities2025-07-14
OSV
CVE-2025-5745: The strncmp implementation optimized for the Power10 processor in the GNU C Library version 22025-06-05
CVEList
CVE-2025-5745: The strncmp implementation optimized for the Power10 processor in the GNU C Library version 22025-06-05
GHSA
GHSA-7qrf-49g7-25m2: The strncmp implementation optimized for the Power10 processor in the GNU C Library version 22025-06-05

📋Vendor Advisories

3
Ubuntu
GNU C Library vulnerabilities2025-07-14
Red Hat
glibc: Vector register overwrite bug in glibc2025-06-05
Debian
CVE-2025-5745: glibc - The strncmp implementation optimized for the Power10 processor in the GNU C Libr...2025
CVE-2025-5745 (MEDIUM CVSS 5.6) | The strncmp implementation optimize | cvebase.io